{"id":6333,"date":"2017-01-23T15:50:25","date_gmt":"2017-01-23T23:50:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-171\/"},"modified":"2017-01-23T15:50:25","modified_gmt":"2017-01-23T23:50:25","slug":"news-171","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-171\/","title":{"rendered":"MSRT October 2016 release: Adding more unwanted software detections"},"content":{"rendered":"<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/mmpc\/shared\/glossary.aspx#potentially_unwanted_software\">Unwanted software<\/a> often piggy-backs on program downloads, delivered by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/mmpc\/shared\/glossary.aspx#software_bundler\">software bundlers<\/a>. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful.<\/p>\n<p>The bundled or \u201cextra\u201d software can perform actions on your device that run the gamut from unwanted to annoying to malicious. The threat that comes with it can go beyond changing your browser settings without your consent, or affecting your productivity and computing experience. 
The nuisance can run as deep as putting your PC\u2019s security at risk (for example, installing malware in your PC, or preventing your PC from running your antivirus tools properly).<\/p>\n<p>This month, we are adding detections for the families <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">BrowserModifier:Win32\/Sasquor<\/a>, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">BrowserModifier:Win32\/SupTab<\/a>, and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Trojan:Win32\/Ghokswa<\/a> to the <a href=\"http:\/\/www.microsoft.com\/en-us\/download\/malicious-software-removal-tool-details.aspx\">Microsoft Malicious Software Removal Tool<\/a>\u00a0(MSRT) release.<\/p>\n<p>In combination with the families <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Trojan:Win32\/Xadupi<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Suweezy\">Trojan:Win32\/Suweezy<\/a> added last month, these cover a suite of malware that can hijack browser settings, exclude entire drives from being scanned by Windows Defender and some other anti-malware apps, and install potentially unwanted or malicious software without your consent.<\/p>\n<h2>Entry point<\/h2>\n<p>In most cases, these malware families initially arrive as offers installed by software bundlers such as <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=SoftwareBundler:Win32\/Mizenota\">SoftwareBundler:Win32\/Mizenota<\/a>, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=SoftwareBundler:Win32\/ICLoader\">SoftwareBundler:Win32\/ICLoader<\/a> and <a 
href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=SoftwareBundler:Win32\/InstallMonster\">SoftwareBundler:Win32\/InstallMonster<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> have been offered by bundlers under many names, including:<\/p>\n<ul>\n<li>Istartpageing<\/li>\n<li>Omniboxes<\/li>\n<li>Yoursearching<\/li>\n<li>iStart123<\/li>\n<li>Hohosearch<\/li>\n<li>Yessearches<\/li>\n<li>Youndoo<\/li>\n<li>Trotux<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"312\" class=\"alignnone wp-image-8995 size-full\" alt=\"Screenshot SoftwareBundler:Win32\/InstallMonster being downloaded with details of its offering SupTab under the name &quot;Yoursearching&quot;\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct1.png\" \/><\/a><\/p>\n<p><em>Figure 1: <\/em><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=SoftwareBundler:Win32\/InstallMonster\"><em>SoftwareBundler:Win32\/InstallMonster<\/em><\/a><em> offers <\/em><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\"><em>SupTab<\/em><\/a><em> under the name &#8220;Yoursearching&#8221;<\/em><\/p>\n<p>Some bundlers show <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a> or <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> offers not as an app they will install, but simply as a change to 
your browser search and homepage settings.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"665\" height=\"485\" class=\"alignnone wp-image-9005 size-full\" alt=\"Screenshot of the SoftwareBundler:Win32\/SquareNet licensing agreement offering SupTab under the name &quot;iStart123&quot;. \" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct2.png\" \/><\/a><\/p>\n<p><em>Figure 2: <\/em><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=SoftwareBundler:Win32\/SquareNet\"><em>SoftwareBundler:Win32\/SquareNet<\/em><\/a><em> offering <\/em><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\"><em>SupTab<\/em><\/a><em> under the name &#8220;iStart123&#8221;. Note: While the bundler claims that agreeing to this offer will change your browser settings, if you click \u201cAgree &amp; Install\u201d it will also install SupTab services that perform other actions.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>The <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Xadupi<\/a> malware family comes in three different forms, which go by the names CornerSunshine, WinZipper, and QKSee.<\/p>\n<p>Like <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a>, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Xadupi<\/a> can be delivered by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/mmpc\/shared\/glossary.aspx#software_bundler\">software bundlers<\/a>, but it is also often downloaded 
silently by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> or <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a> themselves. This silent installation technique is common to most of the families in this group &#8211; <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a>, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Xadupi<\/a> all install services and\/or scheduled tasks that regularly query remote servers for instructions, and are occasionally instructed to download and install additional apps. This download and installation happens without your consent or even notice. For example, weeks after <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> has been installed through a bundler, you may suddenly find WinZipper and QKSee on your machine, with .ZIP, .RAR, and other archive files suddenly associated with WinZipper. 
A few days after that, you may find your browser settings silently changed by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a> or <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Ghokswa<\/a>.<\/p>\n<p>These diagrams illustrate some of the most common ways these families interact:<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"580\" height=\"521\" class=\"alignnone wp-image-9015 size-full\" alt=\"A relational diagram indicating how the unwanted software and malware are being installed by each other\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct3.png\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct4.png\"><img loading=\"lazy\" decoding=\"async\" width=\"594\" height=\"396\" class=\"alignnone size-full wp-image-9025\" alt=\"MSRToct4\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2016\/10\/MSRToct4.png\" \/><\/a><\/p>\n<p>In addition to these common installation chains, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a>, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a>, and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Xadupi<\/a> can be instructed by their malware hosts to install each other at any point. 
Such behavior can help keep the malware alive on a machine longer \u2013 if one component is left behind, it can reinstall the others.<\/p>\n<h2>What does all this malware do in addition to installing other bits of malware?<\/h2>\n<p>Each family can serve multiple purposes and change over time, but here\u2019s a summary:<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">BrowserModifier:Win32\/Sasquor<\/a>: Changes browser search and homepage settings to circumvent the browser\u2019s supported methods and bypass your consent. It generally targets Google Chrome and Mozilla Firefox users. It also installs services and scheduled tasks that regularly install other malware like <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Trojan:Win32\/Xadupi<\/a>. It also sometimes installs <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Suweezy\">Trojan:Win32\/Suweezy<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">BrowserModifier:Win32\/SupTab<\/a>: Changes browser search and homepage settings, circumventing the browser\u2019s supported methods and bypassing your consent. It usually targets Internet Explorer, Microsoft Edge, Google Chrome and Mozilla Firefox. It also installs services and scheduled tasks that regularly install additional or another type of malware.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Suweezy\">Trojan:Win32\/Suweezy<\/a>: Attempts to modify settings for Windows Defender, Microsoft Security Essentials, AVG Antivirus, Avast Antivirus and Avira Antivirus, to exclude certain folders from being scanned. 
This can prevent detection and removal of the related malware like <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/Sasquor\">Sasquor<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a>, as well as any other malware or unwanted software the machine might encounter. <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Suweezy\">Suweezy<\/a> usually adds C: to the exclusion list, which includes everything under that path, hence creating a significant and imminent danger to your computer\u2019s overall security, by making that path unprotected by your antimalware software.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Trojan:Win32\/Xadupi<\/a>: Installs a service that regularly installs other apps, including <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Ghokswa<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier:Win32\/SupTab\">SupTab<\/a>. This service is ostensibly an update service for an app that has some user-facing functionality \u2013 CornerSunshine displays weather information on the taskbar, WinZipper can open and extract archive files, and QKSee can be used to view image files.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Trojan:Win32\/Ghokswa<\/a>: Installs a customized version of Chrome or Firefox browsers. The Chrome version represents itself as Google Chrome, but is modified to use a different home page and search engine front-end. 
If Google Chrome is already installed when <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Ghokswa<\/a> is downloaded by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Xadupi\">Xadupi<\/a>, the <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Ghokswa\">Ghokswa<\/a> installer will silently stop any running Google Chrome processes, and replace all shortcuts and associations for the real Google Chrome with ones pointing to its own version.<\/p>\n<p>Together, these malware families can greatly harm your Windows user experience, and in many cases seriously reduce your computer\u2019s security by tampering with anti-virus apps and introducing new harmful software over time.<\/p>\n<h2>Prevention, detection, and recovery<\/h2>\n<p>To help stay protected:<\/p>\n<ul>\n<li>Keep your Windows Operating System and antivirus <a href=\"http:\/\/www.microsoft.com\/security\/portal\/mmpc\/help\/updatesoftware.aspx\">up-to-date<\/a> and, if you haven\u2019t already, upgrade to <a href=\"https:\/\/www.microsoft.com\/en-us\/windows\/windows-10-upgrade\">Windows 10<\/a>.<\/li>\n<li><a href=\"https:\/\/blogs.windows.com\/msedgedev\/2015\/12\/16\/smartscreen-drive-by-improvements\/\">Use Microsoft Edge<\/a>. 
It can:\n<ul>\n<li>Help warn you about sites that are known to be hosting exploits<\/li>\n<li>Help protect you from socially-engineered attacks such as phishing and malware downloads<\/li>\n<li>Automatically detect bad changes and protect settings<\/li>\n<\/ul>\n<\/li>\n<li>Use the <strong>Settings<\/strong> app to reset to Microsoft recommended defaults if your default apps were changed.\n<ul>\n<li>Launch the Settings app.<\/li>\n<li>Navigate to the <strong>Default apps<\/strong> page<u>.<\/u>\n<ul>\n<li>From Home go to <strong>System <\/strong>&gt;<strong> Default apps<\/strong>.<\/li>\n<li>Click <strong>Reset<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Avoid browsing web sites that are likely to host malware (such as illegal music, movies and TV, and pirated software download sites)<\/li>\n<li>Ensure your antimalware protection (such as <a href=\"http:\/\/windows.microsoft.com\/en-us\/windows\/using-defender#1TC=windows-10\">Windows Defender<\/a> and <a href=\"http:\/\/www.microsoft.com\/en-us\/download\/malicious-software-removal-tool-details.aspx\">Microsoft Malicious Software Removal Tool<\/a>) is up-to-date.\n<ul>\n<li>If you are using Windows Defender, you can check your exclusion settings to see whether the malware (for example, <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=Trojan:Win32\/Suweezy\">Trojan:Win32\/Suweezy<\/a>) added some entries in an attempt to exclude folders from being scanned.\n<ul>\n<li>To check and remove excluded items in Windows Defender:\n<ol>\n<li>Navigate to <strong>Settings<\/strong> &gt; <strong>Update &amp; security<\/strong> &gt; <strong>Windows Defender<\/strong> &gt; <strong>Add an exclusion<\/strong>.<\/li>\n<li>Go through the lists under <strong>Files<\/strong> and <strong>File locations,<\/strong> select the excluded item that you want to remove, and click <strong>Remove<\/strong>.<\/li>\n<li>Click <strong>OK<\/strong> to 
confirm.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2015\/01\/14\/maps-in-the-cloud-how-can-it-help-your-enterprise\/\">Enable Microsoft Active Protection Service (MAPS)<\/a> to get the latest cloud-based unwanted software detection and blocking.<\/li>\n<\/ul>\n<h2>Related information<\/h2>\n<p>See\u00a0<a href=\"https:\/\/www.microsoft.com\/security\/portal\/mmpc\/shared\/objectivecriteria.aspx\">How Microsoft antimalware products identify malware: unwanted software and malicious software<\/a> for the objective criteria details.<\/p>\n<p>For additional information about what Browser Extensibility Models are, and why we require programs to use them, see our previous blogs:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/04\/21\/a-brief-discourse-on-changing-browsing-experience\/\">A brief discourse on Changing browsing experience<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/03\/23\/keeping-browsing-experience-update\/\">Keeping Browsing Experience in Users\u2019 Hands, an Update\u2026<\/a><u>\u00a0<\/u><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em>MMPC<\/em><\/p>\n<p><a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/10\/11\/msrt-october-2016-release-adding-more-unwanted-software-detections\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or \u201cextra\u201d software can perform actions on your device that run the gamut from unwanted to annoying to malicious. 
The threat that&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[10957,10958,10959,10960,10700,10785,10786,10961,10767,10962,10963,10964,10951,10833,10965,10952,10953,666,10768,10761,10762,10956],"class_list":["post-6333","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-browsermodifierwin32sasquor","tag-browsermodifierwin32suptab","tag-checking-windows-defender-exclusions","tag-ghokswa","tag-microsoft-edge","tag-microsoft-malicious-software-removal-tool","tag-msrt","tag-msrt-release-october-2016","tag-objective-criteria","tag-sasquor","tag-software-bundler","tag-suptab","tag-suweezy","tag-trojan","tag-trojanwin32ghokswa","tag-trojanwin32suweezy","tag-trojanwin32xadupi","tag-uncategorized","tag-unwanted-software","tag-windows-10","tag-windows-defender","tag-xadupi"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6333"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6333\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6333"},{"taxonomy":"post_tag","embe
ddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}